Auto-Update: 2024-01-25T09:00:26.358213+00:00

CVE-2023/CVE-2023-337xx/CVE-2023-33757.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-33757",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-25T08:15:08.420",
+  "lastModified": "2024-01-25T08:15:08.420",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/twignet/splicecom",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-337xx/CVE-2023-33758.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-33758",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-25T08:15:08.573",
+  "lastModified": "2024-01-25T08:15:08.573",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/twignet/splicecom",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-337xx/CVE-2023-33759.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-33759",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-25T08:15:08.637",
+  "lastModified": "2024-01-25T08:15:08.637",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/twignet/splicecom",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-337xx/CVE-2023-33760.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-33760",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-25T08:15:08.707",
+  "lastModified": "2024-01-25T08:15:08.707",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/twignet/splicecom",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-38xx/CVE-2023-3812.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-3812",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-07-24T16:15:13.337",
-  "lastModified": "2024-01-03T06:15:46.847",
+  "lastModified": "2024-01-25T08:15:09.043",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -236,6 +236,14 @@
         "VDB Entry"
       ]
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0340",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0378",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2023-3812",
       "source": "secalert@redhat.com",

CVE-2023/CVE-2023-391xx/CVE-2023-39191.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-39191",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-10-04T19:15:10.210",
-  "lastModified": "2023-11-07T14:15:21.300",
+  "lastModified": "2024-01-25T08:15:08.770",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -133,6 +133,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2023:6583",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0381",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2023-39191",
       "source": "secalert@redhat.com",

CVE-2023/CVE-2023-427xx/CVE-2023-42753.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-42753",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-09-25T21:15:15.923",
-  "lastModified": "2024-01-11T19:15:11.010",
+  "lastModified": "2024-01-25T08:15:09.633",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -187,6 +187,30 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:0134",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0340",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0346",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0347",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0371",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0376",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0378",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2023-42753",
       "source": "secalert@redhat.com",

CVE-2023/CVE-2023-51xx/CVE-2023-5178.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-5178",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-11-01T17:15:11.920",
-  "lastModified": "2024-01-16T19:43:20.573",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-25T08:15:10.027",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -237,6 +237,18 @@
         "Third Party Advisory"
       ]
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0340",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0378",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0386",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2023-5178",
       "source": "secalert@redhat.com",

CVE-2024/CVE-2024-220xx/CVE-2024-22099.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-22099",
+  "sourceIdentifier": "security@openanolis.org",
+  "published": "2024-01-25T07:15:08.697",
+  "lastModified": "2024-01-25T07:15:08.697",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@openanolis.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@openanolis.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956",
+      "source": "security@openanolis.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-233xx/CVE-2024-23307.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23307",
+  "sourceIdentifier": "security@openanolis.org",
+  "published": "2024-01-25T07:15:09.940",
+  "lastModified": "2024-01-25T07:15:09.940",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@openanolis.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.7,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@openanolis.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-190"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7975",
+      "source": "security@openanolis.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-25T07:00:24.258324+00:00
+2024-01-25T09:00:26.358213+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-25T06:15:50.533000+00:00
+2024-01-25T08:15:10.027000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,21 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-236776
+236782
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `6`
 
-* [CVE-2023-50785](CVE-2023/CVE-2023-507xx/CVE-2023-50785.json) (`2024-01-25T06:15:50.533`)
-* [CVE-2024-23985](CVE-2024/CVE-2024-239xx/CVE-2024-23985.json) (`2024-01-25T05:15:08.370`)
+* [CVE-2023-33757](CVE-2023/CVE-2023-337xx/CVE-2023-33757.json) (`2024-01-25T08:15:08.420`)
+* [CVE-2023-33758](CVE-2023/CVE-2023-337xx/CVE-2023-33758.json) (`2024-01-25T08:15:08.573`)
+* [CVE-2023-33759](CVE-2023/CVE-2023-337xx/CVE-2023-33759.json) (`2024-01-25T08:15:08.637`)
+* [CVE-2023-33760](CVE-2023/CVE-2023-337xx/CVE-2023-33760.json) (`2024-01-25T08:15:08.707`)
+* [CVE-2024-22099](CVE-2024/CVE-2024-220xx/CVE-2024-22099.json) (`2024-01-25T07:15:08.697`)
+* [CVE-2024-23307](CVE-2024/CVE-2024-233xx/CVE-2024-23307.json) (`2024-01-25T07:15:09.940`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `4`
 
+* [CVE-2023-39191](CVE-2023/CVE-2023-391xx/CVE-2023-39191.json) (`2024-01-25T08:15:08.770`)
+* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2024-01-25T08:15:09.043`)
+* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2024-01-25T08:15:09.633`)
+* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2024-01-25T08:15:10.027`)
 
 
 ## Download and Usage